Easy Chat Server
cpe:2.3:a:easy_chat_server_project:easy_chat_server:*:*:*:*:*:*:*
- <= 3.1
A denial-of-service vulnerability has been identified in Easy Chat Server version 3.1. This issue allows remote attackers to crash the application by sending oversized data through the message parameter. Exploitation involves establishing a session via the chat.ghp endpoint and then sending a POST request to body2.ghp with an excessively large message value, causing the service to crash.
Exploitation of this vulnerability leads to a crash of the Easy Chat Server application, causing a denial-of-service condition.
To reproduce this vulnerability, first establish a valid session by sending a GET request to the chat.ghp endpoint. This request should include a username, room, and other necessary parameters. After the session is established, send a POST request to body2.ghp with a large payload in the message parameter. The application will crash, demonstrating the denial-of-service vulnerability.
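A size check that a reverse proxy or inline filter in front of the server could apply to the request pattern described above. This is an added example, not code from the advisory or the vendor; the byte limits, the `inspect_request` and `build_post` names, and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumed limits: the advisory gives no size threshold, so tune these per deployment.
MAX_MESSAGE_BYTES = 1024
MAX_BODY_BYTES = 4096

def inspect_request(raw: bytes):
    """Return a rejection reason for a raw HTTP request, or None to forward it."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    try:
        method, target, _version = lines[0].decode("latin-1").split(" ", 2)
    except ValueError:
        return "malformed request line"
    if method.upper() != "POST" or not urlsplit(target).path.lower().endswith("/body2.ghp"):
        return None  # only the endpoint named in the advisory is filtered
    headers = {}
    for line in lines[1:]:
        name, _, value = line.decode("latin-1").partition(":")
        headers[name.strip().lower()] = value.strip()
    declared = headers.get("content-length", "")
    if not (declared.isascii() and declared.isdigit()):
        return "missing or invalid Content-Length"
    if int(declared) > MAX_BODY_BYTES or len(body) > MAX_BODY_BYTES:
        return "body exceeds %d bytes" % MAX_BODY_BYTES
    # latin-1 keeps one character per decoded byte, so len() is a byte count
    fields = parse_qsl(body.decode("latin-1"), keep_blank_values=True, encoding="latin-1")
    for key, value in fields:
        if key.lower() == "message" and len(value) > MAX_MESSAGE_BYTES:
            return "message exceeds %d bytes" % MAX_MESSAGE_BYTES
    return None

def build_post(body: bytes) -> bytes:
    """Constructed sample request; the Host value is a placeholder."""
    return (b"POST /body2.ghp HTTP/1.1\r\nHost: chat.example\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n"
            b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)

if __name__ == "__main__":
    samples = {  # constructed inputs, not captured traffic
        "normal": build_post(b"message=hello+room"),
        "long message": build_post(b"message=" + b"A" * 2000),
        "long body": build_post(b"message=" + b"A" * 5000),
    }
    for label, request in samples.items():
        print(label, "->", inspect_request(request) or "forward")
```

The message length is measured after percent-decoding, so an encoded value cannot slip under the limit, and requests without a numeric Content-Length (for example chunked bodies) are rejected rather than guessed at.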